Implementing Azure Routing Using PowerShell

In a previous post, How Do You Customize Routing in Azure?, I explained why we might use user defined routing in Azure. I then followed that up with a post to show you how to create a route table and routes using the Azure Portal. In this post I will show you how to use PowerShell to create a route table and routes, and how to associate that route table with virtual subnets.

Before We Begin

You can also use classic (Service Manager) PowerShell cmdlets to create user defined routes.

The Task

Once again, I’m deploying a simple solution where a customer has chosen to deploy a site-to-site VPN solution using a virtual appliance from the Azure Marketplace. The virtual appliance, a virtual machine, is on the same subnet as the other Azure virtual machines. A user defined route is required to override the system route to ensure that all traffic to the customer’s on-premises subnet(s) will be redirected through the appliance and the VPN tunnel instead of to the Internet.

The Desired Solution

User defined routing will be used to fix the above problem. A route table will be created. A single route will be added:

AddressPrefix: The network address (192.168.1.0/24) of the on-premises network will be used as the destination address.

NextHopType: VirtualAppliance will be used because the next hop is a virtual machine.

NextHopIPAddress: The IP address of the virtual appliance on the Azure subnet (10.1.0.10) will be defined as the IP gateway address for this route.

When a packet is sent from a virtual machine in the subnet to any address in 192.168.1.0/24, the user defined route will match and override the system route that would otherwise send the traffic to the Internet.

Implementing the Solution

We are using ARM PowerShell cmdlets in Azure V2, so you’ll need to log into Azure first:

Login-AzureRmAccount

List your Azure subscriptions:

Get-AzureRmSubscription

Then select the subscription that you want to work with from the above results:

Next we will add a route to the just-created route table. Note how we are setting the destination network address (192.168.1.0/24) as the AddressPrefix, setting the next hop type to VirtualAppliance (a virtual machine), and setting the IP address of that virtual machine as the next hop (gateway) address of the route.

If you test your routing at this point it will fail. This is because, by default, the Azure fabric does not allow the NIC of a virtual machine to perform IP forwarding. You must enable IP forwarding on the NIC of any virtual appliance that will be routing traffic.

Your virtual appliance might have multiple NICs so this next cmdlet will allow you to select which one you want to configure:
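The whole procedure end to end, as an added example that is not code from the original post. The resource group, location, route table, VNet, subnet and NIC names are assumptions; only the prefix 192.168.1.0/24 and the appliance address 10.1.0.10 come from the post.

```powershell
# Added example (not from the original post). Assumed names: resource group "rg-hybrid",
# location "North Europe", route table "rt-onprem", VNet "vnet-hub", subnet "Subnet-1",
# appliance NIC "fw-nic01" and a test VM NIC "vm01-nic". Replace them with your own.
Login-AzureRmAccount
Select-AzureRmSubscription -SubscriptionId "<your-subscription-id>"   # placeholder

$rgName   = "rg-hybrid"
$location = "North Europe"

# 1. Create the (empty) route table.
$rt = New-AzureRmRouteTable -Name "rt-onprem" -ResourceGroupName $rgName -Location $location

# 2. Add the user defined route: traffic for the on-premises prefix goes to the appliance.
$rt = Add-AzureRmRouteConfig -RouteTable $rt -Name "ToOnPrem" `
        -AddressPrefix "192.168.1.0/24" `
        -NextHopType VirtualAppliance `
        -NextHopIpAddress "10.1.0.10"
$rt = Set-AzureRmRouteTable -RouteTable $rt

# 3. Enable IP forwarding on the appliance NIC; without it the fabric drops forwarded packets.
#    (Forwarding must also be enabled inside the appliance's guest OS; that step is
#    appliance-specific and not shown here.)
$nic = Get-AzureRmNetworkInterface -Name "fw-nic01" -ResourceGroupName $rgName
$nic.EnableIPForwarding = $true
$nic = Set-AzureRmNetworkInterface -NetworkInterface $nic

# 4. Associate the route table with the subnet that hosts the virtual machines.
$vnet   = Get-AzureRmVirtualNetwork -Name "vnet-hub" -ResourceGroupName $rgName
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "Subnet-1"
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name `
        -AddressPrefix $subnet.AddressPrefix -RouteTable $rt | Out-Null
$vnet = Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

# 5. Verify from a VM on that subnet: the effective routes should now list a route with
#    Source "User" and next hop VirtualAppliance 10.1.0.10 for 192.168.1.0/24, which takes
#    precedence over the system route to the Internet.
Get-AzureRmEffectiveRouteTable -NetworkInterfaceName "vm01-nic" -ResourceGroupName $rgName |
    Where-Object { $_.AddressPrefix -contains "192.168.1.0/24" } |
    Format-Table Source, AddressPrefix, NextHopType, NextHopIpAddress
```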